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ABSTRACT : 


The Cal Poly Space Project requires a data 
collection/control system which must be able to reliably record 
temperature, pressure and vibration data. It must also schedule 
the 16 electroplating and 2 immiscible alloy experiments so as to 
optimize use of the batteries, maintain a safe package 
temperature profile, and run the experiment during conditions of 
microgravity (and minimum vibration). This system must operate 
unattended in the harsh environment of space and consume very 
little power due to limited battery supply. This paper addresses 
the design of a system which meets these requirements. 
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A RELIABLE DATA COLLECTION/CONTROL SYSTEM 


The cylindrical 2.5 cubic foot getaway special cannister 
donated by Robert Mager and associates is being utilized to 
perform 2 immiscible alloy experiments and 16 electroplating 
experiments in the microgravity of a low earth orbit afforded by 
the space shuttle. A computer system is required which will 
reliably control the sequencing of experiment events and 
accurately collect data from the temperature, pressure, 
vibration, voltage and current sensors which monitor the physical 
state of each experiment. The experiments must be scheduled in 
such a manner so as to optimize use of the batteries, keep the 
temperature of the cannister within a safe range, and conduct the 
experiments during periods of minimum vibration. The design 
issues discussed in this paper are: the techniques for improving 
reliability, the electronic hardware choices, and an overview of 
the software functions . 

A variety of methods for increasing the reliability of the 
data collection/control system were considered. This design 
implemented three classes of reliability techniques: 1) fault 
avoidance, 2) fault detection, and 3) dynamic redundancy 
( reconf igurable duplication) . Examples of fault avoidance 
techniques are: a) component burn-in (to get past infant 
mortality rate), b) use of high quality mil-spec screened 
components, c) good circuit assembly techniques (thorough 
inspection and testing of the assembly), and d) protective 
packaging (conformal coating, rf shielding, etc). Two types of 
fault detection are employed. One is a watchdog timer which is 
preloaded prior to the execution of a functional block of code 
with the maximum acceptable time for execution of that function. 
If the timer times out then a (triple redundant) memory location 
is checked to find out what function was in progress and the 
appropriate re-execution occurs. The other method of fault 
detection is the liberal use of checksums on critical memory 
transfer operations. These techniques provide recovery from 
transient faults. A catastrophic fault (component failure) is 
detected when the number of attempted re-executions of a 
functional block of code reaches a pre-defined limit. This is 
when the third reliability technique (dynamic redundancy) comes 
into play. Rather than gracefully degrade to a more limited 
functional state, a complete backup microcomputer system is 
instructed to resume the task of the primary module. During the 
normal course of operation the backup module periodically 
exchanges a status byte with the primary module. This status 
byte indicates what process has been successfully completed, or 
if an error condition occurs. The backup system is reconfigured 
to take over the control and data collection function if the 
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proper error status bytes are received or if no status bytes are 
received during the intermodule communication. If a further 
catastrophic failure occurs, the backup system will attempt to 
continue functioning in a gracefully degraded fashion by 
switching off power to the bad component. Several voltage 
regulators are employed which allow power to be turned on/off to 
the various subsystems such as A/D converters, D/A converters, 
and the serial communications link. In the case of battery power 
failure the memory and real time clock have a backup battery 
which provides approximately four months time and data retention. 
This also protects the data from inadvertent loss due to battery 
disconnect . 

The next stage in the design after researching ideas for 
reliability enhancements was to decide on the hardware which 
would be used. The requirements of low power, operation in an 
electrically noisy environment, and wide package temperature 
profile dictate the use of mil-spec CMOS components. Several 
candidates (CDP1802, NSC800, 80C48, 68C02) for microprocessors 
were considered and the NSC800 was chosen. The CMOS NSC800 is 
available in full 883B military specification (temperature range: 
-55 C to +125 C). It utilizes the powerful Z80 instruction set 
and features a multiplexed address/data bus and five interrupt 
request lines like the Intel 8085. The similarity to the 8085 is 
beneficial since my previous design experience is with the 8085. 
The microprocessor and some of the related peripheral chips are 
readily available free of charge through the generosity of 
National Semiconductor's parts grant program to the EE/EL 
department at Cal Poly. National offers a full line of CMOS 
components and dedicated peripherals which allow implementation 
of the required features while keeping the interface circuitry 
simple. One such peripheral chip is the NSC810 - 128 bytes ram, 
22 I/O lines and two programmable 16 bit counter/timers . The 
NSC810 provides the function of watchdog timer, scratchpad ram, 
and 22 lines for monitoring and control. Another peripheral chip, 
the NSC858 UART (universal asynchronous receiver/ transmitter ) 
provides serial data communications (RS232 port). This serial 
port is used to link the primary microcomputer system to the 
backup for transfer of status bytes as well as facilitating 
transfer of experimental data from ram to another computer upon 
completion of the mission. Analog-to-digital conversion is 
performed by two National ADC0816's. Each ADC0816 features a 16 
channel multiplexer and 8 bit analog-to-digital converter. This 
means up to 32 sensors can be monitored. Continuosly variable 
control of the two immiscible alloy ovens is achieved using a 
DAC0830 digital-to-analog converter linked to a dual 4 channel 
analog multiplexer (74HC4352). The timekeeping function and 
processor wakeup is provided by the MM58167 real-time clock 
( RTC ) . This RTC also features a low power standby mode. Battery 
back-up and chip select logic for the ram is provided by the 
Dallas Semiconductor DS1221. The data storage medium is two 32k 
x 8 static rams manufactured by Fujitsu (84256), though any 32k x 
8 cmos ram is satisfactory. The program is stored in a 16K x 8 
EPROM ( 27C128) . The data bus is buffered using National's 82PC08 
bidirectional transceiver. The low order address bus is latched 
(data and low order address are temporally multiplexed) and 
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buffered using the 74HC373 octal D-type latch. The high order 
address bus is buffered using the 74HC373 with latch enable tied 
inactive. Intersil's ICL7663 micropower voltage regulators are 
used because they have a logic input which allows them to be 
turned on and off. Separate regulators (with a flip-flops to 
latch the power control signals) are used for the D/A section, 
the A/D section, the communications hardware, and one for the 
microprocessor circuitry. This helps implement the graceful 
degradation reliability technique (if a section fails it can be 
shut off leaving some degree of function). The processor's 
regulator is turned on by the real time clock interrupt signal 
which is generated once every 60 seconds. It is then up to the 
processor through the NSC810 to turn on the power to other 
subsystems as they are needed; or if appropriate, to turn its own 
power back off. This feature keeps idle time power consumption 
to a minimum. The ICL7663 also provides programmable current 
limit protection. The flip flops and memory mapped I/O chip 
select and other "glue" logic is implemented using high speed 
cmos parts (74HC112, 74HC138, 74HC00, 74HC04, etc). Aside from 
bypass capacitors, resistors, and transistors the electronic 
hardware has been described as it relates to the system function. 

The next part of the design description is an overview of 
the operational scenario. This forms the basis for a software 
specification which gets translated into a flow diagram and then 
eventually gets programmed into assembly language and henceforth 
loaded into ROM. This is the portion of the design which is 
currently being developed. The processor normally is turned on 
once per minute by the interrupt from the real time clock. When 
it turns on it first checks a status byte which tells if it is in 
orbit. If this status byte is not present it checks for a 
signal called ACTIVATE (initiated by the shuttle astronauts 
indicating orbit has been achieved). When the ACTIVATE signal is 
detected, a byte is set which tells the processor on subsequent 
wakeups that the package is in orbit. In response, another signal 
called ACKNOWLEDGED, is sent to an indicator in the shuttle 
saying that the ACTIVATE signal has been received. A third 
signal line called CUTPOWER is connected directly to a relay in 
line with the battery supplying power to the experiments. This 
provides a master shut off in case something goes awry and the 
astronauts wish to kill the experiment. When in orbit the 
temperature and vibration of the package are evaluated and if 
conditions are satisfactory then it is time to perform the 
experiments. The tentative schedule is to run one immiscible 
alloy, then eight electroplating, the other immiscible alloy, and 
then the other eight electroplating experiments. During 
immiscible alloy experiments the power is not turned on and off 
for power savings but rather the power-save feature of the NSC800 
.is utilized between readings. The temperature resolution of the 
ovens is approximately 4 C (the upper oven temp is 1000 C). 
Temperature is recorded once per second and the temperature of 
the ovens is increased by 4 degrees twice per minute. A timer in 
the NSC810 and the real-time clock provide the time base for 
sampling and oven control. The electroplating experiments do not 
require close monitoring and so the processor power is turned 
on by RTC interrupt and turned off after taking a voltage and 
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current reading once the individual electroplating cell is 
powered up. After the programmed time period the cell is then 

I turned off and the next electroplating cell in the series is 

activated. When the experiments are completed the time and date 
are the last thing recorded in memory and all status bytes are 
returned to the inactive state and the ACKNOWLEDGED signal is 
turned off (which lets the astronauts no the experiment has 

powered down). Upon return of the Get-Away Special package from 
NASA the data is transferred from the non-volatile ram into 
another computer for processing and analysis. 

In conclusion, the data/collection and control system has 
been designed to complete a task reliably and accurately and even 
in the event of limited component malfunction. I have learned a 
great deal throughout the design and implementation of this 
project. This effort has given me experience which helped land a 
job doing software development for microprocessor-based 
instruments. This project was not without setbacks, the 
explosion of the shuttle Challenger caused a serious morale 

problem which has delayed completion as well as drastically 

reduced the number of members in the Cal Poly Space Project. 

We ? ve got the ball rolling again and plan on being finish with 
the whole package in March 1988. My interest in the space 
program is still alive and healthy and I hope to add my name to 
those who've helped in the conquest of the endless frontier. 
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